Description

ADFS 2.0 is being released today, but one group has been using it for almost two years: Microsoft's IT department, which dogfooded ADFS 2.0 from the very first pre-release. Brian Puhl, Principal System Architect, and Femi Aladesulu, Service Engineer, share the extensive experience with ADFS 2.0 that they gained while handling access to the Microsoft IT application portfolio, both on premises and in the cloud.

From the topology of Microsoft's internal ADFS 2.0 deployment to the description of how day-to-day operations (such as a new application's onboarding) are handled, Brian and Femi will take you on a whirlwind tour. Today, Microsoft IT is able to offer identity as a reliable, self-provisioned service. Tune in to get tips that will help you to achieve the same results!

The Discussion

In the last minutes of the show, you identified a complex application that has its own STS federated with the main Identity Provider STS. Is the "private" STS a private instance of ADFS 2.0 or is it a custom implementation?

This question is coming from an ISV perspective. We want to embrace the claims model and "outsource" identity to an STS. But 1) the client may need us to provide the STS because they don't have one, 2) they may want us to use an existing STS (a political struggle ensues to get our required claims from their IT), 3) they may want us to federate our STS with their IP-STS. Can ADFS 2.0 be used as a private STS for an ISV application, similar to the scenario you described? It seems SharePoint 2010 took this approach with their own SharePoint STS.

Can you provide some insight into how an ISV installing software into the client's environment should approach this problem? (Or suggest another place to post this question.) Thanks for your consideration.